Lucene search
K

46 matches found

OSV
OSV
added 2025/05/13 4:15 p.m.6 views

AZL-77828 CVE-2025-47278 affecting package python-flask 1.1.1-4

Flask is a web server gateway interface WSGI web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...

1.8CVSS6.6AI score0.00153EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/13 3:57 p.m.9 views

CVE-2025-47278 Flask uses fallback key instead of current signing key

Flask is a web server gateway interface WSGI web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...

1.8CVSS6.5AI score0.00153EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/18 12:0 a.m.5 views

Flask-CORS 安全漏洞

Flask-CORS is a cross-origin resource sharing component for Flask by the individual developer Cory Dolphin. A security vulnerability exists in Flask-CORS version 4.0.1 that stems from allowing Access-Control-Allow-Private-Network to set the CORS header to true by default without any configuration...

7.5CVSS6.6AI score0.00677EPSS
Exploits1References4
OSV
OSV
added 2023/12/22 11:6 a.m.5 views

OESA-2023-1936 python-flask security update

Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications. It began as a simple wrapper around Werkzeug and Jinja and has become one of the most popular Python web application frameworks...

7.5CVSS9AI score0.01261EPSS
Exploits1References2
OSV
OSV
added 2023/12/15 11:6 a.m.4 views

OESA-2023-1922 python-flask security update

Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications. It began as a simple wrapper around Werkzeug and Jinja and has become one of the most popular Python web application frameworks...

7.5CVSS9AI score0.01261EPSS
Exploits1References2
Redos
Redos
added 2023/06/16 12:0 a.m.31 views

ROS-20230616-05

A vulnerability in the Flask framework is related to the ability to send one client's session cookie to other users. users. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to protected information...

7.5CVSS7.5AI score0.01261EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/05/11 1:57 a.m.7 views

SUSE CVE-2023-30861

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...

7.5CVSS9.2AI score0.01261EPSS
Exploits1References9
BDU FSTEC
BDU FSTEC
added 2023/05/05 12:0 a.m.5 views

The vulnerability of the Flask framework lies in its ability to send a single client’s cookie session file to other users, allowing an attacker to access protected information.

The vulnerability of the Flask framework lies in the ability to send a session cookie file from one client to other users. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to protected information...

7.8CVSS7.3AI score0.01261EPSS
Exploits1References5Affected Software3
Huntr
Huntr
added 2023/04/17 1:2 p.m.8 views

Improper Error Handling at Rating function

Description Please enter a description of the vulnerability. Navigating rating function http://127.0.0.1:8083/ratings/stored/-1 Change this number to arbitrary characters http://192.168.14.180:8083/ratings/stored/-2 Error occurs allows user to know the path of application file within system...

6.9AI score
Exploits0
OSV
OSV
added 2022/07/11 1:15 a.m.4 views

CVE-2022-31568

The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS5.8AI score0.01118EPSS
Exploits1References1
OSV
OSV
added 2022/07/11 1:15 a.m.3 views

CVE-2022-31554

The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7.3AI score0.01118EPSS
Exploits1References1
OSV
OSV
added 2022/07/11 1:15 a.m.4 views

CVE-2022-31532

The dankolbman/travelblahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS5.8AI score0.01118EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.5 views

BaiduWenkuSpider_flaskWeb 路径遍历漏洞

BaiduWenkuSpiderflaskWeb is a python web project based on the FlaskFrame framework for crawling Baidu's library by ChangeWeDer personal developer. path traversal vulnerability exists in versions of BaiduWenkuSpiderflaskWeb prior to 2021-11-29, which The vulnerability stems from a failure of the...

9.3CVSS5.7AI score0.01213EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.3 views

photo_tag 路径遍历漏洞

phototag is a photo tagging tool by the individual developer of Boring YiBa. A security vulnerability exists in phototag version 2020-08-31 and earlier versions, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...

9.3CVSS8.2AI score0.01041EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.4 views

wormnest 路径遍历漏洞

wormnest is a Python3 Flask/SQL-Alchemy web server for URL narrowing and manipulating file services by individual developer John Torakis in Greece. A path traversal vulnerability exists in wormnest version 0.4.7, which stems from insecure use of the Flask sendfile function...

9.3CVSS8.3AI score0.01213EPSS
Exploits1References3
Gitee
Gitee
added 2020/10/10 5:38 p.m.5 views

vulhub

It is an offensive tool for web application security training. The primary target is the web application, specifically the Flask framework. The vulnerability class/vector is Server-Side Template Injection SSTI. The probable entry points are scripts/modules such as flask/ssti/exploit.py. Notable...

8.5AI score
Exploits0
Gitee
Gitee
added 2020/08/22 9:52 a.m.5 views

Sitadel

This is a web application security scanner called Sitadel, which is an update for WAScan making it compatible with Python 3.4 and above. It allows for more flexibility in writing new modules and implementing new features, such as frontend framework detection, content delivery network detection, a...

7.1AI score
Exploits0
Fedora
Fedora
added 2020/07/08 1:6 a.m.28 views

[SECURITY] Fedora 31 Update: python-flask-admin-1.5.6-1.fc31

Flask-Admin is advanced, extensible and simple to use administrative interf ace building extension for Flask framework. It comes with batteries included: model scaffolding for SQLAlchemy, MongoEngine, MongoDB and Peewee ORMs, simple file management interface and a lot of usage samples. You're not...

6.1CVSS1.7AI score0.01213EPSS
Exploits1
Fedora
Fedora
added 2020/07/08 1:5 a.m.54 views

[SECURITY] Fedora 32 Update: python-flask-admin-1.5.6-1.fc32

Flask-Admin is advanced, extensible and simple to use administrative interf ace building extension for Flask framework. It comes with batteries included: model scaffolding for SQLAlchemy, MongoEngine, MongoDB and Peewee ORMs, simple file management interface and a lot of usage samples. You're not...

6.1CVSS1.7AI score0.01213EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/07/08 12:0 a.m.19 views

Fedora: Security Advisory for python-flask-admin (FEDORA-2020-e8f384af5f)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1CVSS6.3AI score0.01213EPSS
Exploits1References2
Rows per page
Query Builder